Part 5 – The Unavoidable Risk of Human Error
Human error is an inevitable aspect of IT operations. In fact, there’s a common saying: “If we could remove all users from IT, we wouldn’t have any incidents to fix.” Despite our best efforts, mistakes happen.
Moreover, these human errors can be particularly costly in Data Loss Prevention (DLP) programs, where the focus is often on mitigating deliberate threats and the unintentional mistakes of well-meaning employees may be overlooked.
When Human Error Happens: A Common Scenario
During a recent DLP workshop, we asked participants how many had accidentally sent an email to the wrong external recipient. With a bit of encouragement, everyone eventually admitted they had. This kind of human error is a common issue, even among the most vigilant of us.
Sending confidential emails to the wrong person or company is a frequent human error that can happen to any of us. Fortunately, in many cases, the recipients are trusted contacts who agree to delete the sensitive information.
Human Error and Autocomplete: A Double-Edged Sword
One frequent culprit behind these human errors is the Autocomplete function in email platforms like Microsoft Outlook.
While Autocomplete is designed to help by predicting the email address you’re trying to use, it can also lead to mistakes when names are similar. In the rush of a busy day, it’s easy to send an email without double-checking the recipient.
Mitigating the Risk: Practical Steps
If an email contains sensitive data, it’s essential to validate the recipient before hitting send. Many DLP tools can assist by detecting sensitive content and prompting users with a pop-up message to apply a Confidential label. This extra step serves as a final reminder to review both the email’s content and its recipients.
While no system is foolproof, these precautions can significantly reduce the likelihood of sending an email to the wrong person.
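The pre-send check described above can be sketched in a few lines. This is an added example, not code from any DLP product or from Outlook: the internal domain, keyword list, similarity threshold and all addresses are constructed assumptions. It warns only when sensitive content is heading to an external recipient, and suggests a usual contact when the address looks like an Autocomplete mix-up.

```python
import re
from difflib import SequenceMatcher

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domain
KEYWORD_RE = re.compile(r"\b(confidential|salary|passport)\b", re.I)  # constructed list
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate payment card numbers

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def sensitive_hits(body: str) -> list[str]:
    """Names of the sensitive content types found in the message body."""
    hits = [m.group(0).lower() for m in KEYWORD_RE.finditer(body)]
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append("card-number")
    return hits

def lookalikes(recipient: str, usual_contacts: list[str], threshold: float = 0.85) -> list[str]:
    """Usual contacts whose address is close to, but not the same as, the recipient."""
    r = recipient.lower()
    return [c for c in usual_contacts
            if c.lower() != r and SequenceMatcher(None, r, c.lower()).ratio() >= threshold]

def pre_send_check(recipients, body, usual_contacts):
    """Return warnings to show before sending; an empty list means no prompt."""
    hits = sensitive_hits(body)
    if not hits:
        return []
    warnings = []
    for rcpt in recipients:
        if rcpt.rsplit("@", 1)[-1].lower() in INTERNAL_DOMAINS:
            continue  # internal recipients do not trigger the prompt
        msg = f"{rcpt} is external and the message contains: {', '.join(sorted(set(hits)))}"
        near = lookalikes(rcpt, usual_contacts)
        if near:
            msg += f"; did you mean {near[0]}?"
        warnings.append(msg)
    return warnings
```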
What if the Worst Happens?
Even when mistakes occur, there are ways to mitigate the damage. Microsoft’s Online Message Encryption (OME) service, a feature of the Purview suite, allows users to revoke external access to an email.
By locating the sent message in Outlook and selecting ‘Remove external access,’ the email will be automatically deleted from the recipient’s mailbox, provided it hasn’t been opened. Of course, this relies on noticing the error in the first place.
Reflecting on Human Error
Human error will always be a part of IT, and even with advanced tools it can't be fully eliminated, but we can certainly be prepared. By recognising the inevitability of mistakes and implementing tools like DLP programs and encryption services, we can minimise the risks and recover more effectively when slip-ups occur. The key is not just preventing errors but being ready to respond when they happen.
So, how well are you prepared for the next unexpected mistake?